Project Gaby

The following script is provided "as is" to system administrators and security officers/engineers who want to enable TLS 1.2 on Windows Server 2008 R2 SP1.

This project provides a PowerShell script that enables TLS 1.2 and disables SSL 2.0, SSL 3.0, TLS 1.0, and TLS 1.1. The script also disables older ciphers.

The script also allows the operator to assign a department and a company name to the system, to be leveraged later as a Configuration Item. This allows the server to be targeted for patch management and remote execution based on these fields set within the registry.

The following are the instructions for deploying this solution.

  1. Log on to the system and open an administrative command prompt.
  2. Type PowerShell.
  3. Find out the PowerShell execution policy on the server by typing Get-ExecutionPolicy and hitting enter.
  4. If the output returns either "RemoteSigned" or "Unrestricted", continue to step 5. If the output returns "Restricted", type Set-ExecutionPolicy RemoteSigned and hit enter.
  5. Apply patch NDP45-KB2954853-x64 for .NET (assuming .NET is 4.5.2).
  6. Apply patch KB3080079 (Windows6.1-KB3080079-x64) for Windows Server 2008 R2 SP1.
  7. Reboot the system.
  8. When the server completes the reboot cycle, log on using an administrative account.
  9. Place the script EnableTLS12Win2K8R2.ps1 that you have downloaded from the Downloads page onto the C:\ drive of the system.
  10. Open an administrative command prompt and type PowerShell.
  11. In the PowerShell CLI, change to the directory where you have placed the EnableTLS12Win2K8R2.ps1 script.
  12. Execute the PowerShell script by typing .\EnableTLS12Win2K8R2.ps1 and hitting enter.
  13. Follow the prompts from the script. 
  14. The system will reboot.
  15. Enjoy!
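
A post-reboot check of the protocol state described above, as an added example that is not part of the project's EnableTLS12Win2K8R2.ps1 script. It assumes the changes are applied through the standard Windows SCHANNEL Protocols registry keys, and it does not check the cipher settings or the department and company fields.

```powershell
# Added verification example; not the project's own code.
# Assumption: protocol state lives under the standard SCHANNEL Protocols key.
# Written for PowerShell 2.0, the version shipped with Server 2008 R2.
$base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'

# Target state from the page: $true = protocol should be enabled.
$expected = @{
    'SSL 2.0' = $false
    'SSL 3.0' = $false
    'TLS 1.0' = $false
    'TLS 1.1' = $false
    'TLS 1.2' = $true
}

$results = foreach ($proto in ($expected.Keys | Sort-Object)) {
    foreach ($role in 'Client', 'Server') {
        $key = Join-Path (Join-Path $base $proto) $role
        $enabled = $null
        $disabledByDefault = $null
        if (Test-Path $key) {
            $props = Get-ItemProperty -Path $key
            $enabled = $props.Enabled                      # $null if value absent
            $disabledByDefault = $props.DisabledByDefault  # $null if value absent
        }
        if ($expected[$proto]) {
            # 2008 R2 leaves TLS 1.2 off by default, so both values must be
            # set explicitly: Enabled non-zero and DisabledByDefault = 0.
            $ok = ($null -ne $enabled) -and ($enabled -ne 0) -and ($disabledByDefault -eq 0)
        } else {
            # A missing key means the OS default applies, which is not an
            # explicit disable; require Enabled = 0.
            $ok = ($enabled -eq 0)
        }
        New-Object PSObject -Property @{
            Protocol = $proto; Role = $role; Enabled = $enabled
            DisabledByDefault = $disabledByDefault; Compliant = $ok
        }
    }
}

$results | Format-Table Protocol, Role, Enabled, DisabledByDefault, Compliant -AutoSize

$failed = @($results | Where-Object { -not $_.Compliant })
if ($failed.Count -gt 0) {
    Write-Warning "$($failed.Count) protocol setting(s) do not match the target state."
}
```

Run it from an administrative PowerShell prompt after the final reboot; an empty Enabled column means the registry value is absent and the operating system default is in effect.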



Last edited Oct 26, 2016 at 8:42 PM by delagardecodeplex, version 2